Node.js 0.10 can leak fds in certain situations that affect express.static and res.sendfile. Malicious requests could cause fds to leak and eventually leak to EMFILE errors and server unresponsiveness.

4.8.0

Sparse arrays with extremely high indexes in query string could cause the process to run out of memory and crash the server.

Extremely nested query string objects could cause the process to block and make the server unresponsive temporarily.

Node.js 0.10 can leak fds in certain situations that affect express.static and res.sendfile. Malicious requests could cause fds to leak and eventually leak to EMFILE errors and server unresponsiveness.

3.16.0

Sparse arrays with extremely high indexes in query string could cause the process to run out of memory and crash the server.

Extremely nested query string objects could cause the process to block and make the server unresponsive temporarily.

3.3.0

The 404 response of an unsupported method override attempt was susceptible to cross-site scripting attacks.